CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,541 vulnerabilities with CWE-94
CVE-2013-4478
sup < 0.13.2.1 and 0.14.x < 0.14.1.1 - Remote Code Execution via Email Attachment Filename
CVE-2013-4446
Context module for Drupal 6.x-2.x-6.x-3.2 and 7.x-3.x-7.x-3.0 - Remote Code Execution via _json_decode Function
CVE-2013-4212
Apache Roller < 5.0.2 - Remote Code Execution via OGNL Injection in getText Methods
CVE-2013-5912
Thomson Reuters Velocity Analytics Vhayu Analytic Server 6.94 - Remote Code Execution via VhttpdMgr
CVE-2013-6866
SAP Sybase ASE <15.0.3 ESD#4.3/15.5<ESD#5.3/15.7<SP50/SP100 Authenticated RCE
CVE-2013-6865
SAP Sybase ASE 15.0.3-15.0.3 ESD#4.3, 15.5-15.5 ESD#5.3, 15.7-15.7 SP50/SP100 - Authenticated RCE
CVE-2013-6830
PineApp Mail-SeCure 3.70 and earlier on 5099SK - Remote Code Execution via nsserver Parameter
CVE-2013-6829
PineApp Mail-SeCure - Remote Code Execution via Ping Host Parameter
CVE-2013-4495
TORQUE Resource Manager < 4.2.6 - Remote Code Execution via Email Parameter to qsub
CVE-2013-4557
SPIP < 3.0.12 - Remote Code Execution via Security Screen Connect Parameter
CVE-2013-3906 HIGH KEV
MS13-096 Microsoft Tagged Image File Format (TIFF) Integer Overflow
CVSS 7.8
CVE-2013-4438
SaltStack Salt < 0.17.1 - Remote Code Execution via YAML Deserialization
CVE-2013-6366
VMware Hyperic HQ 4.6.6 - Authenticated Remote Code Execution via Groovy Script Console
CVE-2013-6349
McAfee Email Gateway 7.0-7.0.4 and 7.5-7.5.1 - Authenticated Remote Code Execution
CVE-2013-3631
NAS4Free <= 9.1.0.1.804 - Authenticated Remote Code Execution via Advanced Execute Command Feature
CVE-2013-3630
Moodle SpellChecker Path Authenticated Remote Command Execution
CVE-2013-2208
tpp 1.3.1 - Remote Code Execution via --exec Command in TPP Template File
CVE-2013-4957
Puppet Enterprise <3.0.1 - Code Injection
CVE-2013-3244
SAP ERP Central Component - Remote Code Execution via CJDB_FILL_MEMORY_FROM_PPB Function
CVE-2013-6025
SAP Sybase Adaptive Server Enterprise 15.7 ESD 2 - Authenticated XML External Entity Injection via XMLParse Procedure
CVE-2013-4830
HP Service Manager 9.30-9.32 - Remote Code Execution
CVE-2013-4203
rgpg < 0.2.3 - Remote Code Execution via Shell Metacharacters in gpg_helper.rb
CVE-2013-5325
Adobe Reader/Acrobat <11.0.05 - XSS
CVE-2013-3894 HIGH
Microsoft Windows - Remote Code Execution via Crafted CMAP Table in TrueType Font
CVSS 8.1
CVE-2013-3200
Microsoft Windows - Remote Code Execution via Crafted USB Device